Augmented Attack Tree Modeling of SQL Injection Attacks

by Jungh K
For this week’s blog assignment, I read an article titled “Augmented Attack Tree Modeling of SQL Injection Attacks”. The authors state that SQLIAs (SQL Injection Attacks) are the most frequently used and damaging attack methods according to the OWASP 2010 report. Even though conventional attack trees are widely used, they lack sufficient information for the analysis of SQLIAs, and therefore the authors propose augmented attack tree modeling to “link regular expressions capturing generic signatures to different types of SQLIAs”. The authors outline seven types of SQLIAs: tautologies, illegal/logically incorrect queries, UNION queries, piggy-backed queries, stored procedures, inference, and alternate encodings. The authors also state that any one of the attack types can achieve the following ten kinds of attack goals: identify injectable parameters, identify database fingerprints, determine database schema, extract data, add or modify data, perform DoS, evade detection, bypass authentication, execute remote commands, and escalate privilege.

In order to categorize the attack types, the authors use regular expressions to define specific signatures. For instance, a tautology query attack needs three key parts to work, so a regular expression that catches the OR, the true condition, and the comment mark in the injected code is defined as the signature for tautology query attacks. The authors lay out specific regular expressions for five of the seven attack types discussed in the article. This approach, according to the authors, captures attack types in addition to the states of an attack, which are all that conventional attack trees are capable of displaying. The augmented attack tree modeling can be applied to evaluate and study all the possible threats.
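The three-part tautology signature described above (OR, an always-true condition, a comment mark) can be sketched as a detection check. This is an added Python example: the regular expression, function names and sample parameters are constructed here and are not the ones from the article. It assumes raw, possibly URL-encoded request values.

```python
import re
from urllib.parse import unquote_plus

# Constructed signature (assumption, not the paper's regex): all three parts in order.
TAUTOLOGY = re.compile(
    r"""
    \bOR\b\s*                        # part 1: the OR keyword
    (?P<q>['"]?)(?P<lhs>\w+)(?P=q)   # left operand, optionally quoted
    \s*=\s*
    (?P=q)(?P=lhs)(?P=q)             # part 2: same literal on the right, so always true
    \s*
    (?P<comment>--|\#|/\*)           # part 3: comment mark that cuts off the rest of the query
    """,
    re.IGNORECASE | re.VERBOSE,
)

def is_tautology(raw_value: str) -> bool:
    """True when the decoded value contains OR, a true condition and a comment mark."""
    # Decode first so a URL-encoded payload is compared against the same signature.
    return TAUTOLOGY.search(unquote_plus(raw_value)) is not None

def flag_parameters(params: dict) -> list:
    """Return the sorted names of request parameters that match the signature."""
    return sorted(name for name, value in params.items() if is_tautology(value))

# Constructed sample request parameters (not taken from the article).
SAMPLE = {
    "user": "admin' OR 1=1 --",
    "pass": "x' or 'a'='a' #",
    "q": "science OR fiction",       # OR alone: not flagged
    "note": "width=width",           # equality alone: not flagged
    "enc": "%27%20OR%202%3D2%20--",  # URL-encoded form of ' OR 2=2 --
    "cmp": "a' OR 1=2 --",           # condition is not always true: not flagged
}

if __name__ == "__main__":
    print(flag_parameters(SAMPLE))
```

Requiring all three parts keeps ordinary input that merely contains "OR" or an equals sign from being flagged, at the cost of missing tautologies written without a trailing comment.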